twelvedata-api
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill correctly recommends using environment variables for the API key rather than hardcoding. Network requests are directed exclusively to the official API domain
api.twelvedata.comand its WebSocket counterpart. - [Unverifiable Dependencies & RCE] (SAFE): The dependencies used (
twelvedata,requests,pandas) are standard and reputable packages from PyPI. There are no signs of arbitrary command execution or remote script downloading. - [Indirect Prompt Injection] (LOW): The skill ingests external data from the Twelve Data API (e.g., company descriptions, search results). While this introduces a surface for indirect prompt injection, the skill's primary function is to return structured financial data for analysis rather than making high-privilege decisions or executing commands based on that data.
- [Obfuscation] (SAFE): No encoded content, homoglyphs, or hidden characters were detected in the source code or documentation.
- [Privilege Escalation] (SAFE): The skill does not request administrative privileges or attempt to modify system-level configurations.
Audit Metadata